Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/EE31719E28F611F0AADAFF82C4F9AE02.roa
File: EE31719E28F611F0AADAFF82C4F9AE02.roa (raw, json)
Hash identifier: XqFs9FTS2nbLQrJzPrsn/6oKnY0KinT56AKqx3zDDT8=
Subject key identifier: 8C:BB:62:2A:D7:5C:BC:01:74:37:0E:D1:E8:44:4A:80:11:5E:D7:DD
Certificate issuer: /CN=A91450A4/serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Certificate serial: 0803
Authority key identifier: 3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/EE31719E28F611F0AADAFF82C4F9AE02.roa
Signing time: Sun 04 May 2025 14:49:31 +0000
ROA not before: Sun 04 May 2025 14:49:31 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 133739
IP address blocks: 43.243.236.0/22 maxlen: 24
103.24.240.0/23 maxlen: 24
103.39.60.0/22 maxlen: 22
103.39.60.0/23 maxlen: 24
103.39.62.0/24 maxlen: 24
103.39.63.0/24 maxlen: 24
103.224.208.0/23 maxlen: 24
103.224.211.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2051 (0x803)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91450A4, serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Validity
Not Before: May 4 14:49:31 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=68177e7a-2623
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:72:f8:ef:c3:17:01:4b:e3:02:dd:cf:f3:74:
c2:a4:66:d4:9c:1d:c6:b4:b9:70:76:a6:06:46:57:
28:3b:fc:03:95:4d:a1:50:a7:73:85:82:3d:10:05:
fe:65:b1:49:3a:3a:d3:5d:bd:28:b3:3d:37:0d:67:
bb:32:76:89:aa:ba:6f:57:4c:15:f3:9f:8e:ab:2d:
c1:97:6e:d0:cb:24:0a:30:77:74:4c:d2:a1:36:f3:
90:f9:8f:c2:df:4e:fc:43:48:a7:46:c3:07:9d:bd:
43:72:4b:1b:5f:39:0a:07:3a:f2:80:1c:76:9a:bc:
09:d5:a7:65:23:d4:f4:57:a4:d0:a6:e2:2c:ef:61:
79:ff:9f:91:e7:01:ef:41:2c:eb:51:da:e9:d5:07:
fa:69:07:aa:71:93:14:eb:ec:2a:69:a7:c7:57:3a:
85:22:b1:e9:e4:5b:ae:ab:b5:bf:6a:c4:1d:cd:7c:
ee:9e:69:6b:0b:f7:8a:fd:9a:2e:26:7b:c8:48:fc:
26:65:1f:9b:ae:fd:4e:96:4f:90:d3:64:62:86:e7:
2d:61:08:e6:f4:70:74:ae:b6:70:b9:a1:82:6b:58:
70:7a:83:c2:2e:bc:d9:50:96:8d:09:20:d4:00:9f:
cf:10:d7:e3:e0:eb:cc:89:2a:f8:3d:4a:6e:45:bd:
98:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:BB:62:2A:D7:5C:BC:01:74:37:0E:D1:E8:44:4A:80:11:5E:D7:DD
X509v3 Authority Key Identifier:
keyid:3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/EE31719E28F611F0AADAFF82C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.236.0/22
103.24.240.0/23
103.39.60.0/22
103.224.208.0/23
103.224.211.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:19:e8:2d:a3:1a:c0:dd:c7:00:4e:0a:90:6e:9f:eb:7f:e9:
66:2c:3b:a7:65:7f:6b:96:2d:3d:6f:f8:5e:5b:16:27:4e:ba:
b4:dd:54:25:be:03:69:cc:a6:d1:d2:93:06:91:27:e8:ed:74:
32:31:01:47:ae:88:58:3f:00:f5:55:69:b1:2d:33:07:42:8f:
e5:f2:ae:b3:aa:6e:ce:2d:a6:a9:72:f8:55:e4:55:97:5c:2c:
33:b1:7a:70:75:04:8b:c1:a1:02:8e:5c:1b:b8:5c:c7:27:12:
65:65:07:d7:11:c7:06:0c:d0:6d:69:a4:9d:18:8d:ee:e2:64:
2c:49:d0:9a:0c:54:8d:2e:00:4a:93:2f:d1:e7:30:1b:cb:5a:
67:66:42:b3:c0:6c:fd:a6:97:a9:6a:a8:e1:d5:56:2b:d5:3a:
64:ec:12:b3:81:f7:ac:8d:9b:df:e9:6b:98:06:8d:42:6d:eb:
be:d9:80:1b:b4:55:fc:b7:68:ce:76:bf:48:4f:cc:8d:54:4f:
fd:c7:d4:a5:0f:60:23:54:70:a8:7b:ea:cd:ab:4a:90:a3:4f:
c7:18:e3:dc:af:b3:e8:60:db:72:06:fa:f6:ea:0d:01:58:65:
ad:42:a4:0d:c0:7b:f5:6b:fb:b3:20:00:ee:72:ec:4c:43:18:
9d:f1:9b:26
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICCAMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDUwQTQxMTAvBgNVBAUTKDNEMUQ2QTMzMkFFQTRFQzUwMjAzN0EwOTA5RjRDQzE5
RDQyREIxOTgwHhcNMjUwNTA0MTQ0OTMxWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODE3N2U3YS0yNjIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvXL478MXAUvjAt3P83TCpGbUnB3GtLlwdqYGRlcoO/wDlU2hUKdzhYI9EAX+
ZbFJOjrTXb0osz03DWe7MnaJqrpvV0wV85+Oqy3Bl27QyyQKMHd0TNKhNvOQ+Y/C
3078Q0inRsMHnb1DcksbXzkKBzrygBx2mrwJ1adlI9T0V6TQpuIs72F5/5+R5wHv
QSzrUdrp1Qf6aQeqcZMU6+wqaafHVzqFIrHp5Fuuq7W/asQdzXzunmlrC/eK/Zou
JnvISPwmZR+brv1Olk+Q02RihuctYQjm9HB0rrZwuaGCa1hweoPCLrzZUJaNCSDU
AJ/PENfj4OvMiSr4PUpuRb2YxwIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFIy7YirX
XLwBdDcO0ehESoARXtfdMB8GA1UdIwQYMBaAFD0dajMq6k7FAgN6CQn0zBnULbGY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NTBBNC9ERDQ3MzY5ODBD
MzYxMUVCQTRFNDlFMjFDNEY5QUUwMi9QUjFxTXlycVRzVUNBM29KQ2ZUTUdkUXRz
WmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BSMXFNeXJxVHNVQ0Ezb0pDZlRNR2RRdHNaZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDUwQTQvREQ0NzM2OTgwQzM2MTFFQkE0RTQ5RTIxQzRGOUFFMDIvRUUzMTcxOUUy
OEY2MTFGMEFBREFGRjgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAIr8+wDBAFnGPADBAJnJzwDBAFn4NADBABn4NMwDQYJKoZI
hvcNAQELBQADggEBADwZ6C2jGsDdxwBOCpBun+t/6WYsO6dlf2uWLT1v+F5bFidO
urTdVCW+A2nMptHSkwaRJ+jtdDIxAUeuiFg/APVVabEtMwdCj+XyrrOqbs4tpqly
+FXkVZdcLDOxenB1BIvBoQKOXBu4XMcnEmVlB9cRxwYM0G1ppJ0Yje7iZCxJ0JoM
VI0uAEqTL9HnMBvLWmdmQrPAbP2ml6lqqOHVVivVOmTsErOB96yNm9/pa5gGjUJt
677ZgBu0Vfy3aM52v0hPzI1UT/3H1KUPYCNUcKh76s2rSpCjT8cY49yvs+hg23IG
+vbqDQFYZa1CpA3Ae/Vr+7MgAO5y7ExDGJ3xmyY=
-----END CERTIFICATE-----
Generated at Fri Jun 20 17:46:13 2025 by rpki-client